Netgate Discussion Forum

    Client Isolation by Default

    General pfSense Questions
    18 Posts 6 Posters 2.0k Views
    • johnpozJ
      johnpoz LAYER 8 Global Moderator

      Yeah my switches do it - not sure about the 40$ ones though.. You're saying the $40 tplink that don't really do vlans correctly and don't allow you to remove vlan 1 in old versions support private vlans?

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      • JKnottJ
        JKnott @johnpoz

        @johnpoz

        Hang on a minute while I check.
        .
        .
        .
        Sorry, I didn't remember correctly. I must have been thinking of my crappy TP-Link AP, which does have that. It also doesn't do VLANs correctly.

        PfSense running on Qotom mini PC
        i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
        UniFi AC-Lite access point

        I haven't lost my mind. It's around here...somewhere...

        • johnpozJ
          johnpoz LAYER 8 Global Moderator

          Yeah many an AP can do client isolation keeping wireless devices from talking to each other.. Even the crappiest of 20$ wifi routers support this feature quite often ;)

          But wired switches, I think they need to be more of a full managed switch.. Doesn't it mean it has to be $1k enterprise.. My 200$ small business sg300's can do it for example.

          The work around for when you have a handful of devices sure is viable even on a $40 smart switch... That works if you have only a handful of devices.. But what if you had 100 ;) hehehehe

          • noplanN
            noplan

            Vlan hoppin and tp link
            And yes the hard way when you do not trust your cheap switch

            • JKnottJ
              JKnott @noplan

              @noplan

              I don't use that TP-Link switch for VLANs. I've configured it to use as a data tap, so I can monitor Ethernet connections with Wireshark. It works fine there.

              • noplanN
                noplan

                any suggestions for a cheap switch that can do client isolation out of the box ?
                ;) brNP

                • A
                  akuma1x @noplan

                  @noplan said in Client Isolation by Default:

                  any suggestions for a cheap switch that can do client isolation out of the box ?
                  ;) brNP

                  D-Link has a cheap ($35 USD) managed switch, the DGS-1100-05. I quickly looked at the overview, but, like @johnpoz says, a manufacturer could call it something completely different. I didn't see the words "client isolation" specifically. You might have to chat or call them to ask.

                  You could, and I'm not saying it's a good idea, but you could, with that switch, set up VLANs to do some basic isolation.

                  Jeff

                  • noplanN
                    noplan

                    Yeah I feel ya

                    That's exactly why we used the hard not well scalable approach for an 8 port switch ;)

                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator

                      @noplan
                      So dlink calls it Asymmetric VLANs

                      It's the same thing - so yeah you're good with a switch like that..

                      • noplanN
                        noplan

                        Hey thanks for the hint
                        We got here some dgs-1100-08 hanging around in their dusty boxes :)

                        Let's go testin!!!

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.